Page 2 of 6 results (0.003 seconds)

CVSS: 10.0EPSS: 96%CPEs: 37EXPL: 3

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. La URL de /gena.cgi del endpoint UPnP en el router Wi-Fi D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permite a un atacante remoto no autenticado ejecutar comandos del sistema como root, mediante el envío de una petición HTTP SUBSCRIBE especialmente diseñada en el servicio UPnP cuando se conecta a la red local. D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials. D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. • https://github.com/Squirre17/CVE-2019-17621 http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104 https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147 https://www& • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •